On September 24, the FTC filed six federal cases against companies, mostly based in India, that have allegedly been scamming consumers by posing as computer tech support. The FTC describes the move as a “major international crackdown” against tech support scams. The agency has expressed appreciation for the help of agencies in Australia, Canada, and the United Kingdom. On October 3, the judge issued an order to halt the scams and freezing their assets in the United States.
These scammers allegedly operate by calling consumers and claiming that they have detected some form of threatening malware on that person’s computer. Notably, they often make a claim implying that they are affiliated with a major and reputable computer or antivirus software company. In an interesting example, a staff member at tech news site ArsTechnica received a call, the very day of the injunction announcement, from a man claiming “I am calling you from Windows.” Once the supposed tech support employee has a consumer on the line, they proceed to direct them to Windows Event Viewer in order to “prove” the existence of the claimed malware. They then offer to rid the computer of the malware for a fee, reportedly “ranging from $49 to $450” according to the FTC. The consumer is then directed to download a program allowing the scammer to take control of their computer and delete the alleged malware.
These scams are particularly interesting because, unlike many consumer fraud scam situations, they don’t quite target the lowest common denominator. This isn’t a Nigerian prince asking you to help him get his money out of the country. Instead, these scammers make a claim that to many is quite believable: a computer company knows what is going on on your personal computer. After all, as the New York Times notes, if anyone is going to be able to tell what’s going on with your computer from a distance, it would be Microsoft, right? Most tech savvy users aren’t going to hand over control of their computer to someone who calls them unsolicited even if they claim to be from a reputable company, but I worked in tech support and I’ve seen how many people are, in fact, clueless about this kind of risk. We regularly reminded users “we will never ask you for your password,” but our users still got tricked into handing it over to scammers claiming to be us. Microsoft has apparently reported that out of 1,045 people who “had told the company they believed they had been contacted by a fake tech support caller. More than 400 of those either fell victim to such operations, with losses averaging $875, or had to pay an average of $1,700 to repair damage to their computer.”
The FTC’s action is based upon the Federal Trade Commission Act and the Telemarketing and Consumer Fraud and Abuse Prevention Act. Section 5(a) of the FTC Act grants the FTC power to pursue action against “[u]nfair methods of competition in or affecting commerce, and unfair or deceptive acts or practices in or affecting commerce.” The charges also cover violations of the Telemarketing Sales Rule, which deals with the Do Not Call list.